← voltar
CVE-2024-51482

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64

CVSS 10 CRITICALEPSS 36.9%CWE-89
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
ZoneMinder · zoneminder
PoCs públicas encontradas9
githubgithub.com/plur1bu5/CVE-2024-51482-PoC14githubgithub.com/BridgerAlderson/CVE-2024-514828githubgithub.com/0xDaeras/CVE-2024-51482-POC7githubgithub.com/Erhui-Li/CVE-2024-51482-ZoneMinder-CCTV-HTB-Reliable-EXP0githubgithub.com/Revnin/CCTV-MACHINE0githubgithub.com/BwithE/CVE-2024-514820githubgithub.com/mattiapertusati/htb-cctv0githubgithub.com/Ravi-lk/CVE-2024-51482-ZoneMinder-v1.37.-1.37.64-SQL-Injection-POC0githubgithub.com/lnn0v4/sqli-hunter-CVE-2024-51482-PoC0
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59fhttps://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3